Splunk Search

Community Activity

Correlating field values and finding where they match Hello guys, So I have struggled writing search pipeline for this senario: I have comparing unique id(numerical valu... by sasisudas New Member in Splunk Search 04-11-2017 0 1	0	1
How to count number of item that sastify condition by small group For example, I have below data: Shop1 Day1 sell 11 Shop1 Day2 sell 14 Shop1 Day3 sell 20 Shop2 Day1 sell 15 Shop2 Da... by nguyentu New Member in Splunk Search 04-10-2017 0 2	0	2
How do I make a timechart show the times in horizontal instead of vertical? I am trying to run a search that shows how many unique ports a particular IP address access in a day over a seven pay... by ngoetz9915 New Member in Splunk Search 04-10-2017 0 1	0	1
Combining multiple CPU percentage instances to a single instance So I have CPU data from template for Citrix XenApp addon gathering CPU metrics. Each line on the graph is populated f... by shawngarrettsgp Path Finder in Splunk Search 04-10-2017 0 4	0	4
I have multiple whitelists in the same directory. How to edit inputs.conf to make sure it captures all the logs? I have all my switch and linux syslogs stored in a single directory - let's call it /var/log/syslog. I'm trying to as... by ejwade Contributor in Splunk Search 04-10-2017 0 2	0	2
how to sum http get/post/ delete in log sample? Total Get =4 Total Post = 10 Total PUT=30 Log files example index=index1 2017-04-08, logger="test1, AppId="100",", h... by jw44250 New Member in Splunk Search 04-10-2017 0 4	0	4
Using LOOKUP to insert a Regex string - is it possible? I want to insert a different regex string into my query for each host. I am thinking that a way to achieve this is b... by ipicbc Explorer in Splunk Search 04-10-2017 0 3	0	3
Outer query should display the results based on the inner query count i want to display the events based on subquery's count(say Mycount) . please help me with search query. index=abc so... by sravankaripe Communicator in Splunk Search 04-10-2017 0 2	0	2
How to use sum() for the $ values? Hi I have a csv file with $6.00, $6.11,etc as values. How can user sum() for these values? by kiran331 Builder in Splunk Search 04-10-2017 0 1	0	1
How to edit my search to find Fortinet Internet Browsing Time by User per Day? We have Fortinet FSSO in place and we have syslogs coming into Splunk. I need a way to report how much time users are... by wellmore Explorer in Splunk Search 04-10-2017 0 5	0	5
Only show null values from timechart values(source) Hello guys, could you tell me how to only show null cells from this kind of table, for alerting purpose? Search: in... by splunkreal Motivator in Splunk Search 04-10-2017 0 9	0	9
How to convert Local time to XML time format? Hi How to convert EVENT_LOCAL_TIME="2017-04-06 15:49:29.0" this time into XML time format? by kiran331 Builder in Splunk Search 04-10-2017 0 2	0	2
How do you track down inefficient field extractions? Just had to support a user with field extraction issues. While working on it, I noticed the report was still taking a... by twinspop Influencer in Splunk Search 04-10-2017 1 8	1	8
how to create line chart with multiple fields like timeline? hello, i have this raw table: 1 2 3 4 5 6 7 8 9 10 0 0 0 0 0 0 0 0 0 ... by avivn Explorer in Splunk Search 04-10-2017 0 3	0	3
+ fields command + question/observation on case sensititvity ... \| fields + _time GOUa this will give me my _time column on the left with other columns on the right matching th... by HattrickNZ Motivator in Splunk Search 04-10-2017 1 3	1	3
Eventtype or macros - Need Suggestion Hi Everyone, I need a suggestion to build the Splunk app or query . The situation is I had list of cities (lets... by himpor Engager in Splunk Search 04-10-2017 0 5	0	5
Data Enrichment from lookup with column header containing spaces Is it possible to use a csv file in a lookup specifically for data enrichment whereby the column header contains spac... by jacqu3sy Path Finder in Splunk Search 04-10-2017 0 8	0	8
How to configure LINE_BREAKER regex in props.conf? I have a data source that looks like this: I0908 09:35:18.395637 3109 vdisk_micro_migrate_egroup_op.cc:1075] ... I0... by louieb3 Path Finder in Splunk Search 04-10-2017 1 14	1	14
I have to subtract between 2 alternate rows. Like Row2-1,Row 4-3 . Not the difference between the consecutive rows. I used "Diff" but it gives diff b/w each row. Please suggest. TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 12 tx2 Period 2 20 8... by BTCM Engager in Splunk Search 04-10-2017 0 1	0	1
I have to find difference between alternate rows for a field like Row 2-1, Row 4-3. Not difference between all the consecutive rows. I used "diff" but it gives me difference between all the rows. Please suggest. TXName Period Value diffValue tx1 Period 1 25 tx1 Period 2 14 -11 tx2 Period 1 1... by BTCM Engager in Splunk Search 04-10-2017 1 1	1	1
How to break events as Every Line Hi All, What's the appropriate regex for event break Every Line? Is my props.conf correct? [index_name] LINE_BREAKE... by dantimola Communicator in Splunk Search 04-10-2017 0 2	0	2
Compare two field values and get matching third value from table Hello, i'm trying to do a search and then compare my result with a table from a .csv file (contains a table with ids... by ckunath Communicator in Splunk Search 04-10-2017 0 2	0	2
Count number of App IDs from log file The appId length can vary at any given time..it can be 1 or X length log files Log1 appId=1231 appId=12355 Log2 ... by jw44250 New Member in Splunk Search 04-09-2017 0 4	0	4
Move the Splunk from one server to another server What is the steps to move the Splunk, including the search and indexes from serverA to serverB? thks by SplunkCSIT Communicator in Splunk Search 04-09-2017 2 5	2	5
Real time search with python sdk and \| stats Hi guys, i think i'm missing something. I'm try to make a real time search with python sdk; after connection if i run... by maurelio79 Communicator in Splunk Search 04-09-2017 1 4	1	4